Synopsis :

The remote Debian host is missing a security-related update.

Description :

Nelson Elhage discovered that incorrect memory handling during the
removal of ISA devices in KVM, a solution for full virtualization on
x86 hardware, could lead to denial of service or the execution of
arbitrary code.

See also :

http://www.debian.org/security/2011/dsa-2241

Solution :

Upgrade the qemu-kvm packages.

For the stable distribution (squeeze), this problem has been fixed in
version 0.12.5+dfsg-5+squeeze2.

Risk factor :

High / CVSS Base Score : 7.4
(CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false